package com.example.demo.config;

import javax.annotation.Resource;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

@Configuration
public class BrowerSecurityConfig extends WebSecurityConfigurerAdapter{

	@Resource
	private AuthenticationSuccessHandler myAuthenticationSuccessHandler;
	@Resource
	private AuthenticationFailureHandler myAuthenticationFailureHandler;
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.formLogin()
		.loginPage("/login.jsp").usernameParameter("username").passwordParameter("password").defaultSuccessUrl("/hello")  
		.loginProcessingUrl("/login")
		.successHandler(myAuthenticationSuccessHandler)                                 // 认证成功回调 一般不设置
        .failureHandler(myAuthenticationFailureHandler)									// 认证失败的回调 
		.and().authorizeRequests()
//      .antMatchers("/logout").permitAll()  
		.antMatchers("/img/**").permitAll()  
		.antMatchers("/js/**").permitAll()  
		.antMatchers("/css/**").permitAll()  
		.antMatchers("/bootstrap/**").permitAll()  
		.antMatchers("/fonts/**").permitAll()  
		.antMatchers("/favicon.ico").permitAll()
		.antMatchers("/login.jsp").permitAll()
		.antMatchers("/login").permitAll()
		.anyRequest().authenticated()
		.and();
//        .csrf().disable(); 
	}
	/**
	 * 注入一个密码验证器，可以自己实现，这里使用默认的
	 * @return
	 */
	@Bean
	public PasswordEncoder passwordEncoder() {
	     return new BCryptPasswordEncoder();
	 }

}
